CVE-2025-33109

7.5 HIGH

📋 TL;DR

IBM i operating systems versions 7.2 through 7.6 contain a database authority check vulnerability that allows unauthorized execution of database procedures or functions. Attackers with some database access could escalate privileges or cause denial of service. This affects all IBM i users running vulnerable versions.

💻 Affected Systems

Products:
  • IBM i
Versions: 7.2, 7.3, 7.4, 7.5, 7.6
Operating Systems: IBM i
Default Config Vulnerable: ⚠️ Yes
Notes: All IBM i installations running affected versions are vulnerable regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise through privilege escalation allowing unauthorized database operations, data manipulation, and potential denial of service affecting critical database functions.

🟠 Likely Case

Unauthorized execution of specific database procedures/functions leading to data integrity issues, information disclosure, and limited service disruption.

🟢 If Mitigated

Minimal impact if proper database access controls and monitoring are implemented, though the vulnerability still exists at the system level.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires some database access credentials. The vulnerability is in database authority checking logic.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Apply IBM i PTF Group SF99725 Level 36 or higher

Vendor Advisory: https://www.ibm.com/support/pages/node/7240410

Restart Required: Yes

Instructions:

1. Check the current PTF level with DSPPTF.
2. Apply PTF Group SF99725 Level 36 or higher.
3. Restart the system as required.
4. Verify installation with DSPPTF.

🔧 Temporary Workarounds

Restrict Database Access

Limit database user permissions to the minimum required and implement strict access controls. SQL procedures and functions are backed by program (*PGM) or service program (*SRVPGM) objects, so revoking object authority for users who do not need it limits who can invoke them.

GRTOBJAUT OBJ(library/object) OBJTYPE(*PGM) USER(user) AUT(*EXCLUDE)
WRKOBJ OBJ(library/*) OBJTYPE(*ALL)

🧯 If You Can't Patch

  • Implement strict database access controls and principle of least privilege
  • Monitor database activity logs for unauthorized procedure/function execution

🔍 How to Verify

Check if Vulnerable:

Check the installed IBM i release with DSPSFWRSC and verify the PTF group level with WRKPTFGRP (DSPPTF lists individual PTFs, not group levels).

Check Version:

DSPSFWRSC

Verify Fix Applied:

WRKPTFGRP PTFGRP(SF99725)

Confirm that PTF Group SF99725 shows Level 36 or higher with a status of Installed.

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized database procedure/function execution attempts
  • Database authority check failures
  • Unexpected database service disruptions

Network Indicators:

  • Unusual database connection patterns
  • Increased database traffic from unauthorized users

SIEM Query:

source="ibm_i" AND (event_type="database_procedure_execution" OR event_type="authority_check_failure")
